1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158
|
=head1 NAME
libnbd-release-notes-1.24 - release notes for libnbd 1.24
=head1 DESCRIPTION
These are the release notes for libnbd stable release 1.24.
This describes the major changes since 1.22.
libnbd 1.24.0 was released on B<16 December 2025>.
=head2 Security
In L<nbd_connect_uri(3)>, and in several libnbd tools (for example,
L<nbdinfo(1)>), when using nbd+ssh:// URIs, the hostname field was not
adequately sanitized. A consequence is that an attacker who can
control this field in the URI could run commands from libnbd. This
issue affected libnbd E<ge> 1.22. For more information see:
L<https://lists.libguestfs.org/archives/list/guestfs@lists.libguestfs.org/thread/YZMBF3SJRWTRVT5L3KWSNHITFTRMQNTT/>
If you find a security issue, please read F<SECURITY> in the source
(online here:
L<https://gitlab.com/nbdkit/libnbd/blob/master/SECURITY>). To
find out about previous security issues in libnbd, see
L<libnbd-security(3)>.
=head2 New APIs
New L<nbd_get_version_extra(3)> returns the string passed to
C<./configure --with-extra="...">. This is intended to be used by
downstream packagers.
New L<nbd_get_handle_size(3)> which returns an estimate of the size of
the handle in bytes. This is intended for use by garbage collected
languages as a hint for when to free the handle.
New L<nbd_get_tls_priority(3)> and L<nbd_set_tls_priority(3)> which
allow you to temporarily override the system TLS priority string.
New L<nbd_set_uri_allow_tls_priority(3)> API which lets you enable the
new C<?tls-priority=PRIORITY> feature in NBD URIs (this is disabled by
default).
=head2 Enhancements to existing APIs
In L<nbd_connect_uri(3)> nbd+ssh:// URIs, extra C<nbd-port> and
C<tls-username> query parameters allow you to separately control the
NBD TLS and SSH user/port. The new C<compress=true> query parameter
lets you enable SSH compression.
Also in nbd_connect_uri, the new C<tls-priority=PRIORITY> parameter
lets you override the TLS priority string (but this is not enabled by
default, see previous section).
=head2 Protocol
Post-Quantum Cryptography (PQC) ciphers and certificates for TLS
connections are now fully supported. As part of this change multiple
client certificates can now be loaded by the library. (Thanks Dan
Berrange).
=head2 Tools
New L<nbddiscard(1)> and L<nbdzero(1)> tools which can be used to
trim/discard, or zero, part or all of an NBD disk (additional features
by Eric Blake).
New L<nbdcopy(1)> I<--blkhash> feature. This can calculate the
blkhash (similar to a checksum) of the image as it is being copied
(Nir Soffer, Vera Wu).
nbdcopy now obeys I<--destination-is-zero> and I<--allocated> options
when running in synchronous mode (Nir Soffer).
=head2 Language bindings
OCaml bindings now implement C<NBD.Buffer.is_zero>
OCaml bindings now provide a better estimate of the size of the libnbd
handle to the garbage collector, allowing it to — at least in theory —
make better decisions on when to free the handle (thanks Kit-ty-kate).
Python bindings implement indexing and slicing of C<nbd.Buffer>
Improve the automatic conversion of POD documentation to Rust
documentation. Previously garbled mark-up will now be converted
properly.
=head2 Tests
Enhanced tests of the nbdcopy I<--allocated> and
I<--destination-is-zero> options.
When running libnbd tests on ZFS, several tests would fail. They are
now skipped (thanks Arsen Arsenović, Eric Blake).
=head2 Other improvements and bug fixes
nbdcopy now gives a hard error if the Linux system call
L<sync_file_range(2)> fails. This can happen for certain device I/O
errors (thanks Eric Sandeen, Dave Chinner).
On macOS and Linux, set Unix domain socket buffer sizes for improved
performance (Nir Soffer).
Fix several typos and spelling mistakes in the documentation (Eric
Blake).
=head2 Documentation
New L<libnbd-python(3)> page which provides an introduction to the
Python API. This information was previously scattered in a few
places.
=head2 Build
C<./configure --with-extra="..."> can be used by downstream packagers
to add extra information to the I<--version> output of tools, such as
the version of the downstream package.
Colourize and improve the C<./configure> output, if using a terminal.
=head2 Internals
Copy new vector and string functions from nbdkit, including
C<vector_uniq>, C<vector_append_array>, C<vector_insert_array>,
C<vector_remove_range>, C<string_append_format>.
Fix the memory allocation behaviour of the internal vector library,
which should reduce memory usage in some situations (Eric Blake).
=head1 SEE ALSO
L<libnbd(3)>.
=head1 AUTHORS
=begin comment
git shortlog -s v1.22.0..
=end comment
=over 4
=item Christopher Byrne
=item Eric Blake
=item Nir Soffer
=item Richard W.M. Jones
=back
=head1 COPYRIGHT
Copyright Red Hat
|